CVE-2005-2096

high

Description

zlib 1.2 and later versions allow remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt

http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html

http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

http://secunia.com/advisories/15949

http://secunia.com/advisories/17054

http://secunia.com/advisories/17225

http://secunia.com/advisories/17236

http://secunia.com/advisories/17326

http://secunia.com/advisories/17516

http://secunia.com/advisories/18377

http://secunia.com/advisories/18406

http://secunia.com/advisories/18507

http://secunia.com/advisories/19550

http://secunia.com/advisories/19597

http://secunia.com/advisories/24788

http://secunia.com/advisories/31492

http://secunia.com/advisories/32706

http://security.gentoo.org/glsa/glsa-200507-05.xml

http://securitytracker.com/id?1014398

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101989-1

http://support.apple.com/kb/HT3298

http://support.avaya.com/elmodocs2/security/ASA-2006-016.htm

http://www.debian.org/security/2005/dsa-740

http://www.debian.org/security/2005/dsa-797

http://www.debian.org/security/2006/dsa-1026

http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml

http://www.kb.cert.org/vuls/id/680620

http://www.mandriva.com/security/advisories?name=MDKSA-2005:112

http://www.mandriva.com/security/advisories?name=MDKSA-2005:196

http://www.mandriva.com/security/advisories?name=MDKSA-2006:070

http://www.redhat.com/support/errata/RHSA-2005-569.html

http://www.redhat.com/support/errata/RHSA-2008-0629.html

http://www.securityfocus.com/archive/1/421411/100/0/threaded

http://www.securityfocus.com/archive/1/464745/100/0/threaded

http://www.securityfocus.com/archive/1/482503/100/0/threaded

http://www.securityfocus.com/archive/1/482505/100/0/threaded

http://www.securityfocus.com/archive/1/482571/100/0/threaded

http://www.securityfocus.com/archive/1/482601/100/0/threaded

http://www.securityfocus.com/archive/1/482949/100/0/threaded

http://www.securityfocus.com/archive/1/482950/100/0/threaded

http://www.securityfocus.com/bid/14162

http://www.ubuntulinux.org/usn/usn-151-3

http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html

http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html

http://www.vupen.com/english/advisories/2005/0978

http://www.vupen.com/english/advisories/2006/0144

http://www.vupen.com/english/advisories/2007/1267

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162391

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680

https://exchange.xforce.ibmcloud.com/vulnerabilities/24064

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11500

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1262

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1542

https://usn.ubuntu.com/148-1/

Details

Source: MITRE

Published: 2005-07-06

Updated: 2018-10-19

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 17827 | MySQL < 4.1.13a / 5.0.10 Zlib Library Buffer Overflow | Nessus | Databases | high |
| 57528 | Debian DSA-773-1 : amd64 - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 43839 | RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0629) | Nessus | Red Hat Local Security Checks | critical |
| 43838 | RHEL 3 / 4 : Solaris client in Satellite Server (RHSA-2008:0525) | Nessus | Red Hat Local Security Checks | critical |
| 43836 | RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0264) | Nessus | Red Hat Local Security Checks | critical |
| 41078 | SuSE9 Security Update : zlib (YOU Patch Number 10347) | Nessus | SuSE Local Security Checks | high |
| 41077 | SuSE9 Security Update : perl-Compress-Zlib (YOU Patch Number 10292) | Nessus | SuSE Local Security Checks | high |
| 4754 | Safari < 3.2 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 34772 | Safari < 3.2 Multiple Vulnerabilities | Nessus | Windows | high |
| 23414 | Solaris 8 (sparc) : 119209-36 | Nessus | Solaris Local Security Checks | high |
| 22568 | Debian DSA-1026-1 : sash - buffer overflows | Nessus | Debian Local Security Checks | high |
| 21947 | CentOS 4 : zlib (CESA-2005:569) | Nessus | CentOS Local Security Checks | high |
| 21714 | HP-UX PHSS_34567 : HP-UX Secure Shell Remote Denial of Service (DoS) (HPSBUX02090 SSRT051058 rev.2) | Nessus | HP-UX Local Security Checks | high |
| 21713 | HP-UX PHSS_34566 : HP-UX Secure Shell Remote Denial of Service (DoS) (HPSBUX02090 SSRT051058 rev.2) | Nessus | HP-UX Local Security Checks | high |
| 21472 | FreeBSD : zlib -- buffer overflow vulnerability (8efe93e2-ee62-11d9-8310-0001020eed82) | Nessus | FreeBSD Local Security Checks | high |
| 21207 | Mandrake Linux Security Advisory : sash (MDKSA-2006:070) | Nessus | Mandriva Local Security Checks | high |
| 20552 | Ubuntu 4.10 / 5.04 / 5.10 : rpm vulnerability (USN-151-4) | Nessus | Ubuntu Local Security Checks | high |
| 20551 | Ubuntu 4.10 / 5.04 / 5.10 : aide vulnerabilities (USN-151-3) | Nessus | Ubuntu Local Security Checks | high |
| 20550 | Ubuntu 4.10 / 5.04 : dpkg, ia32-libs, amd64-libs vulnerabilities (USN-151-2) | Nessus | Ubuntu Local Security Checks | high |
| 20549 | Ubuntu 4.10 / 5.04 : zlib vulnerability (USN-151-1) | Nessus | Ubuntu Local Security Checks | high |
| 20543 | Ubuntu 4.10 / 5.04 : zlib vulnerability (USN-148-1) | Nessus | Ubuntu Local Security Checks | high |
| 20124 | Mandrake Linux Security Advisory : perl-Compress-Zlib (MDKSA-2005:196) | Nessus | Mandriva Local Security Checks | high |
| 19844 | Solaris 9 (x86) : 119212-36 | Nessus | Solaris Local Security Checks | high |
| 19842 | Solaris 9 (sparc) : 119211-36 | Nessus | Solaris Local Security Checks | high |
| 19817 | GLSA-200509-18 : Qt: Buffer overflow in the included zlib library | Nessus | Gentoo Local Security Checks | high |
| 19567 | Debian DSA-797-2 : zsync - denial of service | Nessus | Debian Local Security Checks | high |
| 19463 | Mac OS X Multiple Vulnerabilities (Security Update 2005-007) | Nessus | MacOS X Local Security Checks | critical |
| 19361 | GLSA-200508-01 : Compress::Zlib: Buffer overflow | Nessus | Gentoo Local Security Checks | high |
| 19330 | GLSA-200507-28 : AMD64 x86 emulation base libraries: Buffer overflow | Nessus | Gentoo Local Security Checks | high |
| 19248 | SUSE-SA:2005:039: zlib | Nessus | SuSE Local Security Checks | high |
| 18799 | Slackware 10.0 / 10.1 / current : zlib DoS (SSA:2005-189-01) | Nessus | Slackware Local Security Checks | high |
| 18649 | Mandrake Linux Security Advisory : zlib (MDKSA-2005:112) | Nessus | Mandriva Local Security Checks | high |
| 18635 | RHEL 4 : zlib (RHSA-2005:569) | Nessus | Red Hat Local Security Checks | high |
| 18634 | GLSA-200507-05 : zlib: Buffer overflow | Nessus | Gentoo Local Security Checks | high |
| 18632 | Debian DSA-740-1 : zlib - remote denial of service | Nessus | Debian Local Security Checks | high |
| 801019 | Safari < 3.2 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |